I completely forgot to mention this last night, but it sounded like
storing pause credentials in plaintext was considered suboptimal (funny
that). It's possible to use Dist::Zilla::Stash::PAUSE::Encrypted to read
your id/pw from an encrypted ~/.pause; it in turn uses
Config::Identity::PAUSE to handle gpg.
If you include it in your ~/.dzil/config.ini as:
[%PAUSE::Encrypted / %PAUSE]
...then things Just Work (assuming your ~/.pause is properly set up).
Disclaimer: I wrote the thing; I'm not sure it's an optimal approach but
it has been working for me so far.
-Chris